Dirmann Technology Consultants

vRealize Business for Cloud – Critical 9.8 / 10 Vulnerability

Team:

Yesterday on my LinkedIn I announced that VMware had just release a security advisory that affected vRealize Business for Cloud. This vulnerability got a whopping 9.8 as a CSSv3 base score. If you’re not familiar with how vulnerabilities are rated, that equates to “you should remediate this situation….now!” The max score is a 10, to put it into a different perspective.

Remote Code Execution

The exploit allows the attacker to perform unauthorized remote code execution on the vRealize Business for Cloud (vRB) appliance. What does that mean? They don’t need any explicit rights or authorization to execute any commands, scripts, etc. on that machine.

Remediation

According to the advisory, the only way to remediate the issue is to apply the patch that can be found on https://my.vmware.com. Build 17828140 was released on 5/5/21 under filename ‘vRealize-Business-for-Cloud-7.6.0.46000-17828140-updaterepo.iso’.

Conclusion

I know this was a quick post, but it’s severe enough to just get down to business if you’re a vRB 7.6 user. You can find a link to the original advisory here and one to the knowledge base article here. Thanks for reading. If you enjoyed the post make sure you check us out at dirmann.tech and follow us on LinkedInTwitterInstagram, and Facebook!

References:

https://kb.vmware.com/s/article/83475

https://www.vmware.com/security/advisories/VMSA-2021-0007.html

Share this article on social media:
Facebooktwitterredditpinterestlinkedinmail